Robustness of Equations Under Operational Extensions 



Peter D. Mosses 

Department of Computer Science, Swansea University 
Singleton Park, Swansea, SA2 8PP, United Kingdom 

p.d.mosses@swan.ac.uk

MohammadReza Mousavi Michel A. Reniers 

Department of Computer Science, Eindhoven University of Technology 
P.O. Box 513, NL-5600 MB Eindhoven, The Netherlands 

m.r.mousavi@tue.nl m.a.reniers@tue.nl

Sound behavioral equations on open terms may become unsound after conservative extensions of 
the underlying operational semantics. Providing criteria under which such equations are preserved is 
extremely useful; in particular, it can avoid the need to repeat proofs when extending the specified 
language. 

This paper investigates preservation of sound equations for several notions of bisimilarity on 
open terms: closed-instance (ci-)bisimilarity and formal-hypothesis (fh-)bisimilarity, both due to 
Robert de Simone, and hypothesis-preserving (hp-)bisimilarity, due to Arend Rensink. For both fh- 
bisimilarity and hp-bisimilarity, we prove that arbitrary sound equations on open terms are preserved 
by all disjoint extensions which do not add labels. We also define slight variations of fh- and hp- 
bisimilarity such that all sound equations are preserved by arbitrary disjoint extensions. Finally, we 
give two sets of syntactic criteria (on equations, resp. operational extensions) and prove each of them 
to be sufficient for preserving ci-bisimilarity. 

1 Introduction 

Equations, pertaining to behavioral equivalences on open terms, are not robust even under conservative
extension of operational semantics specifications, i.e., sound equations may become unsound after an
operationally conservative extension (see [11] and also examples throughout the rest of this paper). There
are several examples of this phenomenon in the literature, for example in the domain of timed extensions
of process algebras [3, 13] the equation $x + \delta = x$ ceases to be sound in strong bisimilarity. Providing
criteria under which equations are preserved is extremely useful. For example, it allows for developing
general algebraic rules for certain sub-languages - or even for individual constructs - which are
guaranteed to hold under all operationally conservative extensions. This paper provides such criteria for the
preservation of equations that are sound with respect to strong bisimilarity.

Note that strong bisimilarity is naturally lifted to open terms by defining two open terms to be
bisimilar when each pair of their closed instantiations are bisimilar; this is called ci-bisimilarity (for
closed-instance bisimilarity [15]). In this paper, we first recall two further notions of bisimilarity on open
terms, due to de Simone [15] and Rensink [14], which are strictly finer (more distinguishing) than
ci-bisimilarity. Subsequently, we show that a very general class of sound equalities, with respect to each of
the two notions, are preserved under arbitrary disjoint extensions. Hence, these two notions can be used
to prove sound and robust equations with respect to strong bisimilarity. Then, we illustrate why in
general ci-bisimilarity cannot be preserved under arbitrary disjoint extension, and propose (stricter) syntactic
criteria by which a certain class of axioms, or a certain class of extensions do preserve ci-bisimilarity (on
open terms).

Related work. In [15], de Simone studies a bisimulation proof technique for open terms and proposes
a notion of bisimulation, which is essentially the same as what we call fh-bisimilarity (for Formal
Hypothesis bisimilarity) in the remainder of this paper. Rensink in [14] extends the study of de Simone
and provides a comparison of fh-bisimilarity with ci-bisimilarity. He also proposes another notion of
bisimilarity, called hp-bisimilarity (for Hypothesis Preserving bisimilarity) and compares it to fh- and
ci-bisimilarity. In [1], Aceto, Bloom and Vaandrager give an algorithm for generating sound and complete
axioms for SOS specifications in the GSOS format of [5]; they also show that the generated axioms also
remain sound under certain disjoint extensions introduced by their own algorithm. Our results in this
paper generalize and give some more insight on the aforementioned result of [1]. In O Aceto, Cimini
and Ingolfsdottir introduce a bisimulation proof technique for open terms called rule-matching
bisimilarity, which is not generally robust under disjoint extensions; we compare the notions studied here with
rule-matching bisimilarity in an extended version of the present paper [10].

Structure of the Paper. In Section 2 we review some preliminaries from the literature. In Section 3
we show that under some mild conditions fh- and hp-bisimilarity are preserved by conservative
extensions. In Section 4 we show that the same result does not carry over trivially to ci-bisimilarity; however,
we give sufficient conditions on the equations and the extensions that guarantee ci-bisimilarity to be
robust. In Section 5 we conclude the paper and present some ideas for future research.



2 Preliminaries 

2.1 SOS Specifications: Syntax and Semantics 

Definition 1 (Signatures, Terms and Substitutions) We assume a countable set $X$ of variables. A
signature $\Sigma$ is a set of function symbols (also called operators) with fixed arities; the arity of $f$ is denoted
by $ar(f)$. The set of terms on signature $\Sigma$, denoted by $T(\Sigma)$ and ranged over by $s, t, s_0, t_0, \ldots$, is defined
inductively as follows: variables and function symbols of arity zero (also called constants) are terms;
given a list of terms, their composition using a function symbol (while respecting the arity of the function
symbol) is a term. Terms are also called open terms; the set of variables in $t$ is denoted by $vars(t)$. Closed
terms on signature $\Sigma$, denoted by $C(\Sigma)$ and ranged over by $p, q, \ldots$, are those terms in $T(\Sigma)$ that do not
contain any variable. A (closing) substitution $\sigma : X \to T(\Sigma)$ is a function from variables to (closed)
terms. Substitutions are lifted to terms (as their domain) in the usual manner.

Definition 2 (Transition System Specification (TSS)) A transition system specification $T$ is a tuple
$(\Sigma, L, D)$ where $\Sigma$ is a signature, $L$ is a set of labels (with typical members $a, b, a_0, \ldots$) and $D$ is a set
of deduction rules. For all $l \in L$, and $t, t' \in T(\Sigma)$ we define that $t \xrightarrow{l} t'$ is a formula; $t$ is its source and
$t'$ is its target. A formula is closed when all terms appearing in it are closed. A deduction rule $dr \in D$ is
defined as a pair $(H, c)$, where $H$ is a set of formulae and $c$ is a formula; $c$ is called the conclusion and
the formulae from $H$ are called the premises. A deduction rule is $f$-defining when the head operator of
the source of its conclusion is $f$. A deduction rule is an axiom when its set of premises is the empty set.

We sometimes refer to a TSS for its set of deduction rules. A deduction rule $(H, c)$ is also written as
$\frac{H}{c}$; in the latter syntax, if the set $H$ of premises is empty, it is just left out.

Definition 3 (Provable Ruloid) A deduction rule $\frac{H}{\phi}$ is a provable ruloid of TSS $T$ when there is a
well-founded upwardly branching tree with nodes labelled by formulae and of which

• the root is labelled by $\phi$;

• if a node is labelled by $\psi$ and the nodes immediately above it form the set $K$ then:

  - $\psi$ is of the form $x \xrightarrow{l} x'$ for some distinct $x, x' \in X$, $\psi \in H$ and $K = \emptyset$, or

  - $\frac{K}{\psi}$ is an instance of a deduction rule in $T$.

A TSS is supposed to define a transition system, i.e., a set of closed formulae. In our setting the 
transition relation associated with a TSS is the set of all closed formulae such that -r is a provable 
ruloid. 

Example 4 As an illustration, consider a TSS $(\Sigma, L, D)$ corresponding to a sublanguage of CCS /[£]/,
where $\Sigma$ comprises the constant $0$, a unary operator $a.\_$ for each $a \in L$, and a binary operator $\_ + \_$, $L$ is
some set of actions $\{a, b, \ldots\}$, and $D$ consists of the following deduction rules for each $a \in L$.

$$a.x \xrightarrow{a} x \qquad \frac{x \xrightarrow{a} x'}{x + y \xrightarrow{a} x'} \qquad \frac{y \xrightarrow{a} y'}{x + y \xrightarrow{a} y'}$$

The associated transition relation includes formulae such as $0 + a.0 \xrightarrow{a} 0$, but no formula of the form
$0 \xrightarrow{a} p$. The equations $x + (y + z) = (x + y) + z$, $x + y = y + x$, $x + x = x$ and $x + 0 = x$ are all sound
(regardless of whether the rules of the first form above are included or not). The TSS can be extended to
full CCS: this involves adding not only new operators and their defining rules, but also new labels (all
co-actions $\bar{a}, \bar{b}, \ldots$ and the silent action $\tau$). The associativity and commutativity equations for $+$ remain
sound under any such extension. However, the last two equations cease to be sound, unless the (obvious)
rules defining $+$ for the new labels are added too.

In Section 3 we establish theorems which guarantee preservation of sound equations by extension, under
some mild conditions.
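
Example 4's claim can be checked on closed instances with a small interpreter for its three rules; this is an added example, not code from the paper. The tuple encoding of terms, the function names, the label name `tau` for the silent action and the depth bound on instantiated terms are assumptions of the example, so a clean result is a bounded check rather than a soundness proof.

```python
from functools import lru_cache
from itertools import product

ZERO = ("0",)

def pre(a, t):
    """Prefix term a.t."""
    return ("pre", a, t)

def plus(s, t):
    """Choice term s + t."""
    return ("+", s, t)

def steps(term, plus_labels):
    """Set of (label, target) transitions of a closed term.

    The axiom a.x -a-> x exists for every prefix operator in the signature;
    the two rules for + exist only for the labels in plus_labels.
    """
    if term[0] == "pre":
        return {(term[1], term[2])}
    if term[0] == "+":
        return {(l, u) for arg in term[1:]
                for (l, u) in steps(arg, plus_labels) if l in plus_labels}
    return set()  # the constant 0 has no transitions

@lru_cache(maxsize=None)
def bisimilar(p, q, plus_labels):
    """Strong bisimilarity on closed terms (Definition 7).

    Every target is a strict subterm of its source, so the recursion terminates.
    """
    def matched(xs, ys):
        return all(any(l == m and bisimilar(x, y, plus_labels) for (m, y) in ys)
                   for (l, x) in xs)
    sp, sq = steps(p, plus_labels), steps(q, plus_labels)
    return matched(sp, sq) and matched(sq, sp)

def closed_terms(actions, depth):
    """Closed terms over 0, a._ (a in actions) and + up to a nesting depth."""
    terms = {ZERO}
    for _ in range(depth):
        terms = (terms | {pre(a, t) for a in actions for t in terms}
                 | {plus(s, t) for s in terms for t in terms})
    return terms

# The four equations of Example 4: (number of variables, instantiation).
EQUATIONS = {
    "x+(y+z) = (x+y)+z": (3, lambda x, y, z: (plus(x, plus(y, z)), plus(plus(x, y), z))),
    "x+y = y+x": (2, lambda x, y: (plus(x, y), plus(y, x))),
    "x+x = x": (1, lambda x: (plus(x, x), x)),
    "x+0 = x": (1, lambda x: (plus(x, ZERO), x)),
}

def counterexample(equation, terms, plus_labels):
    """First closed instance (lhs, rhs) that is not bisimilar, or None."""
    arity, instantiate = equation
    for args in product(terms, repeat=arity):
        lhs, rhs = instantiate(*args)
        if not bisimilar(lhs, rhs, plus_labels):
            return lhs, rhs
    return None

def report(actions, plus_labels, depth=2):
    """Map each equation to True when no closed instance up to depth refutes it."""
    terms = closed_terms(actions, depth)
    return {name: counterexample(eq, terms, plus_labels) is None
            for name, eq in EQUATIONS.items()}

BASE = frozenset({"a"})             # + has rules for the original label only
EXTENDED = frozenset({"a", "tau"})  # + also has rules for the new label

if __name__ == "__main__":
    print("original TSS:            ", report(["a"], BASE))
    # Disjoint extension: new operator tau._ and new label tau, + rules untouched.
    print("extended, + rules as-is: ", report(["a", "tau"], BASE))
    # Same extension, with the rules for + added for the new label as well.
    print("extended, + rules added: ", report(["a", "tau"], EXTENDED))
```

In the middle case the instance `tau.0 + 0` has no transitions at all while `tau.0` has one, which is the kind of closed instance that breaks `x+0 = x` and `x+x = x`.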



2.2 Rule Formats 

It is customary in the meta-theory of SOS to restrict the syntax of TSSs in order to obtain semantic
results. Such classes of TSSs with restricted syntax are called rule formats [3, 12]. One important rule
format, studied extensively in the literature is GSOS, which is due to Bloom, Istrail and Meyer [5]. Next,
we define a subset of GSOS restricted to positive formulae. We leave the generalization of our results to
the full GSOS format (which allows negative formulae as premises) for the future.

Definition 5 (Positive GSOS Rule Format) A deduction rule is in the positive GSOS format when it is
of the following form.

$$\frac{\{x_i \xrightarrow{l_{ij}} y_{ij} \mid i \in I, j \in J_i\}}{f(x_1, \ldots, x_n) \xrightarrow{l} t}$$

where $n = ar(f)$, the variables $x_1, \ldots, x_n$ and $y_{ij}$ are all pairwise distinct, $I$ is a subset of $\{i \mid 1 \le i \le n\}$,
$I$ and $J_i$, for each $i \in I$, are finite index sets, and $vars(t) \subseteq \{x_1, \ldots, x_n\} \cup \{y_{ij} \mid i \in I, j \in J_i\}$. A TSS is in
the positive GSOS format when all its deduction rules are.

We denote by $\Delta$ the set of all premises of the form $x \xrightarrow{l} x'$ for distinct $x, x' \in X$:
$\Delta = \{x \xrightarrow{l} x' \mid x, x' \in X \land x \neq x' \land l \in L\}$.

2.3 Extending SOS Specifications

Definition 6 (Disjoint Extension) Consider two TSSs $T_0 = (\Sigma_0, L_0, D_0)$ and $T_1 = (\Sigma_1, L_1, D_1)$ of which
the signatures agree on the arity of the shared function symbols. The extension of $T_0$ with $T_1$, denoted by
$T_0 \cup T_1$, is defined as $(\Sigma_0 \cup \Sigma_1, L_0 \cup L_1, D_0 \cup D_1)$.

$T_0 \cup T_1$ is a disjoint extension of $T_0$ when each deduction rule in $T_1$ is $f$-defining for some $f \in \Sigma_1 \setminus \Sigma_0$.

If both $T_0$ and $T_0 \cup T_1$ are in the positive GSOS format, we speak of a disjoint positive GSOS extension.
Any disjoint positive GSOS extension is also conservative, meaning that any transition that can be derived
in the extended TSS for a closed term of the non-extended TSS is already derivable in the non-extended
TSS GO.

2.4 Behavioral Equivalences 

A notion of behavioral congruence $\sim$ is defined w.r.t. the transition system associated with a TSS. We
write $T \models s \sim t$ to denote that two open terms $s, t \in T(\Sigma)$ are related by $\sim$ w.r.t. $T$. Next, we introduce
the common notion of strong bisimilarity on closed terms as a notion of behavioral equivalence, and then
present three extensions of it to open terms.

Definition 7 (Strong Bisimilarity on Closed Terms) Given a TSS $(\Sigma, L, D)$, a symmetric relation
$R \subseteq C(\Sigma) \times C(\Sigma)$ is a strong bisimulation when for each $(p, q) \in R$, $l \in L$ and $p' \in C(\Sigma)$, if $p \xrightarrow{l} p'$, then
there exists a $q' \in C(\Sigma)$ such that $q \xrightarrow{l} q'$ and $(p', q') \in R$.

Two closed terms $p, q \in T(\Sigma)$ are strongly bisimilar, or just bisimilar, when there exists a strong
bisimulation relation $R$ such that $(p, q) \in R$. We write $p \underline{\leftrightarrow} q$ when $p$ and $q$ are bisimilar, and refer to the
relation $\underline{\leftrightarrow}$ as bisimilarity.

It is well-known that sound equations with respect to strong bisimilarity on closed terms remain
sound under disjoint extensions [6]; in order to study the same result for open terms, we first need a
notion of behavioral equivalence for open terms. The following definition presents a natural extension
of strong bisimilarity to open terms. It is often just called strong bisimilarity (on open terms) in the
literature, but here, we call it closed-instance bisimilarity (ci-bisimilarity) following [14], to distinguish
it from the finer notions of bisimilarity presented afterwards.

Definition 8 (Closed-Instance Bisimilarity) Two open terms $s, t \in T(\Sigma)$ are closed-instance bisimilar,
denoted by $s \underline{\leftrightarrow}_{ci} t$, when for all closing substitutions $\sigma : X \to C(\Sigma)$, $\sigma(s) \underline{\leftrightarrow} \sigma(t)$.

De Simone [15] introduced an alternative notion of strong bisimilarity on open terms, called formal
hypothesis bisimilarity (fh-bisimilarity). He defined it for rules in the de Simone format; the
corresponding definition for rules in the positive GSOS format is as follows.

Definition 9 (FH-Bisimilarity) A symmetric relation $R \subseteq T(\Sigma) \times T(\Sigma)$ is an fh-bisimulation when for
each two open terms $s, t \in T(\Sigma)$ such that $(s, t) \in R$, for each provable ruloid $\frac{\Gamma}{s \xrightarrow{l} s'}$, there exists a
provable ruloid $\frac{\Gamma}{t \xrightarrow{l} t'}$ such that $(s', t') \in R$.

Open terms $s$ and $t$ are fh-bisimilar, denoted by $s \underline{\leftrightarrow}_{fh} t$, when there exists an fh-bisimulation $R$ such
that $(s, t) \in R$.

Definition 10 (SB-Bisimilarity) A symmetric relation $R \subseteq T(\Sigma) \times T(\Sigma)$ is an fh-bisimulation when for
each two open terms $s, t \in T(\Sigma)$ such that $(s, t) \in R$, the following two items hold:

1. for each $\sigma, \sigma' : X \to T(\Sigma)$ such that for all $x \in X$, $(\sigma(x), \sigma'(x)) \in R$, it holds that $(\sigma(s), \sigma'(t)) \in R$,
and

2. for each provable ruloid $\frac{\Gamma}{s \xrightarrow{l} s'}$, there exists a provable ruloid $\frac{\Gamma}{t \xrightarrow{l} t'}$ such that $(s', t') \in R$.

Open terms $s$ and $t$ are sb-bisimilar, denoted by $s \underline{\leftrightarrow}_{fh} t$, when there exists an sb-bisimulation $R$ such
that $(s, t) \in R$.

Example 11 Consider the TSS with the following deduction rules

$$\frac{x \xrightarrow{a} x'}{x + y \xrightarrow{a} x'} \qquad \frac{y \xrightarrow{a} y'}{x + y \xrightarrow{a} y'}$$

The open terms $x + (y + z)$ and $(x + y) + z$ are fh-bisimilar. The relation
$R = \{(x + (y + z), (x + y) + z), ((x + y) + z, x + (y + z)) \mid x, y, z \in X\} \cup \{(x, x) \mid x \in X\}$ is an fh-bisimulation.

Rensink [14] defined fh-bisimilarity for conditional transition systems. He also introduced a coarser
(i.e., more identifying) notion called hypothesis-preserving bisimilarity (hp-bisimilarity), based on
indexed families of binary relations (similar to history-preserving bisimilarity Q). The corresponding
definition for positive GSOS is as follows.

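Definition 12 (HP-Bisimilarity) A class of symmetric relations $(R_\Gamma)_{\Gamma \subseteq \Delta}$, $R_\Gamma \subseteq T(\Sigma) \times T(\Sigma)$ for
each $\Gamma \subseteq \Delta$, is an hp-bisimulation when for each two open terms $s, t \in T(\Sigma)$ and each $\Gamma \subseteq \Delta$ such that
$(s, t) \in R_\Gamma$, for each provable ruloid $\frac{\Gamma'}{s \xrightarrow{l} s'}$ with $\Gamma \subseteq \Gamma'$, there exists a provable ruloid
$\frac{\Gamma'}{t \xrightarrow{l} t'}$ such that $(s', t') \in R_{\Gamma'}$.

Open terms $s$ and $t$ are hp-bisimilar, denoted by $s \underline{\leftrightarrow}_{hp} t$, when there exists an hp-bisimulation $(R_\Gamma)_{\Gamma \subseteq \Delta}$
such that $(s, t) \in R_\emptyset$.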

Note that [14] also defined a notion of hp-bisimilarity under a given set of hypotheses, which we will not
address any further in this paper.

FH-bisimilarity implies hp-bisimilarity, which in turn implies ci-bisimilarity [14, Theorem 3.7]. The
reverse implications do not hold [14, Example 3.3].

Ci-bisimilarity is not preserved by disjoint positive GSOS extensions (see e.g., [11, Example 4] and
also Examples 21 and 22 in the remainder of this paper). In the next section we show that under some
mild conditions the notions of fh- and hp-bisimilarity are preserved by disjoint positive GSOS extensions.

Note that $\underline{\leftrightarrow}$ and $\underline{\leftrightarrow}_{ci}$ coincide on closed terms. Furthermore for TSSs in the positive GSOS format
$\underline{\leftrightarrow}_{hp}$ and $\underline{\leftrightarrow}_{fh}$ on closed terms also coincide with $\underline{\leftrightarrow}$ (and hence with $\underline{\leftrightarrow}_{ci}$ as well).



2.5 Equational Theories 

Definition 13 (Equational Theory) The set of all equations over terms of signature $\Sigma$ is denoted by
$\mathcal{E}(\Sigma)$. An equational theory $E$ over $\Sigma$ is a subset of $\mathcal{E}(\Sigma)$. An equational theory $E$ is proper if for each
$t = t' \in E$, neither $t$ nor $t'$ is a variable.

An equational theory $E$ proves an equation $t = t'$, denoted by $E \vdash t = t'$, when $t = t'$ is in the smallest
equivalence and congruence closure of $E$.

An equational theory $E$ is sound w.r.t. a TSS $T$ (also on signature $\Sigma$) and a particular notion of
behavioral congruence $\sim$ if and only if for all $t, t' \in T(\Sigma)$, if $E \vdash t = t'$, then it holds that $T \models t \sim t'$.

Consider a TSS $T_0$; its (disjoint) extension $T_0 \cup T_1$ preserves an equivalence $\sim$ w.r.t. $T_0$, when all
sound equational theories w.r.t. $\sim$ on $T_0$ are also sound w.r.t. $\sim$ on $T_0 \cup T_1$.

3 Disjoint Extensions Preserve FH- and HP-Bisimilarity

In this section we show that both fh-bisimilarity and hp-bisimilarity are not necessarily preserved by 
disjoint extensions, not even for proper equations. Then we show that fh-bisimilarity and hp-bisimilarity 
are preserved by any disjoint extension that does not add new labels to the original TSS. We also introduce 
subsets of fh-bisimilarity and hp-bisimilarity, called proper fh-bisimilarity and proper hp-bisimilarity, for 
which we show that they are preserved by arbitrary disjoint extensions. 

Example 14 Consider a TSS $T = (\Sigma, L, D)$ with $\Sigma$ comprising a unary function symbol $f$, $L = \{a\}$ and
$D$ comprising only the following deduction rule.



Obviously, $f(x) \underline{\leftrightarrow}_{fh} x$ and therefore, since $\underline{\leftrightarrow}_{fh} \subseteq \underline{\leftrightarrow}_{hp}$, also $f(x) \underline{\leftrightarrow}_{hp} x$. Now, consider the extension
with TSS $T' = (\Sigma', L', D')$ with $\Sigma'$ comprising only the constant $b$, $L' = \{b\}$ and $D'$ comprising only the
following deduction rule.

$$b \xrightarrow{b} b$$

Now, it no longer holds that $f(x)$ and $x$ are hp-bisimilar and therefore they are also not fh-bisimilar.
The reason is that the extension of the label set with label $b$ results in provable ruloids
$\frac{x \xrightarrow{b} y}{x \xrightarrow{b} y}$, for each $x$ and $y$. These cannot be mimicked by any provable ruloids of $f(x)$.

The problem with the above example is that the extension introduces provable ruloids for terms over
the old syntax, namely the variables. In fact, any equation of the form $x = f(t_1, \ldots, t_n)$ can be violated
by a disjoint extension that introduces a new label (even without introducing new syntax).

The following example shows that for both fh- and hp-bisimilarity it does not suffice either to restrict 
the preservation result to only those equalities that are proper. 

Example 15 Consider a TSS $T = (\Sigma, L, D)$ with $\Sigma$ comprising a binary function symbol $+$, $L = \{a\}$ and
$D$ comprising only the following deduction rules.

$$\frac{x \xrightarrow{a} x'}{x + y \xrightarrow{a} x' + x'} \qquad \frac{y \xrightarrow{a} y'}{x + y \xrightarrow{a} y'}$$

Obviously, $x + y \underline{\leftrightarrow}_{fh} y + x$, and therefore also $x + y \underline{\leftrightarrow}_{hp} y + x$. Now, consider the extension with TSS
$T' = (\Sigma', L', D')$ with $\Sigma'$ comprising only the constant $b$, $L' = \{b\}$ and $D'$ comprising only the following
deduction rule.

$$b \xrightarrow{b} b$$

Now, it no longer holds that $x + y$ and $y + x$ are hp-bisimilar. The reason is that the hp-bisimilarity of
$x + y$ and $y + x$ depends on hp-bisimilarity of $x + x$ and $x$. As in the previous example, this equation is not
preserved by the extension.



One way to preserve fh- and hp-bisimilarity is to restrict the extensions to those that do not introduce 
any new labels, i.e., extensions which only add new function symbols and their defining rules. 

Theorem 16 FH-bisimilarity is preserved under any disjoint positive GSOS extension that does not add
labels. HP-bisimilarity is preserved under any disjoint positive GSOS extension that does not add labels.

Proof. We give the proof for the preservation of fh-bisimilarity. The proof for the preservation of 
hp-bisimilarity has the same structure and is therefore omitted. 

Consider TSSs $T_0 = (\Sigma_0, L_0, D_0)$ and $T_0 \cup T_1 = (\Sigma_0 \cup \Sigma_1, L_0, D_0 \cup D_1)$ in the positive GSOS format,
where $T_0 \cup T_1$ is a disjoint extension of $T_0$.

We start with the following lemma. 

Lemma 17 Consider a provable ruloid $\frac{\Gamma}{s \xrightarrow{l} s'}$ w.r.t. $T_0 \cup T_1$; if in the proof of the ruloid a deduction rule
from $D_1$ is used, then $s \in T(\Sigma_0 \cup \Sigma_1) \setminus T(\Sigma_0)$.

Proof. When $t \in T(\Sigma_0 \cup \Sigma_1) \setminus T(\Sigma_0)$ and $s \xrightarrow{l} s'$ is proved directly from premises including $t \xrightarrow{l'} t'$ by
instantiating a rule in $D_0$, then $s \in T(\Sigma_0 \cup \Sigma_1) \setminus T(\Sigma_0)$ is ensured by the definition of the positive GSOS
format. The result is then straightforward by an induction on the depth of the proof. $\Box$

Assume that $T_0 \models s \underline{\leftrightarrow}_{fh} t$; this means that there exists an fh-bisimulation relation $R$ such that $(s, t) \in R$.
We show that $R$ is an fh-bisimulation relation w.r.t. $T_0 \cup T_1$ as well. Consider arbitrary $s, t \in T(\Sigma_0 \cup \Sigma_1)$
such that $(s, t) \in R$. Hence $s, t \in T(\Sigma_0)$. Assume that $\frac{\Gamma}{s \xrightarrow{l} s'}$ is a provable ruloid w.r.t. $T_0 \cup T_1$. We aim to
show that there exists a provable ruloid of the form $\frac{\Gamma}{t \xrightarrow{l} t'}$ w.r.t. $T_0 \cup T_1$ such that $(s', t') \in R$.

In case $\frac{\Gamma}{s \xrightarrow{l} s'}$ is also a provable ruloid w.r.t. $T_0$ we are done since it then follows from the fact that $R$
is an fh-bisimulation which proves $T_0 \models s \underline{\leftrightarrow}_{fh} t$, that there exists a provable ruloid $\frac{\Gamma}{t \xrightarrow{l} t'}$ w.r.t. $T_0$ such that
$(s', t') \in R$, hence $\frac{\Gamma}{t \xrightarrow{l} t'}$ is a provable ruloid w.r.t. $T_0 \cup T_1$, and we already have that $(s', t') \in R$.

So the case remains that $\frac{\Gamma}{s \xrightarrow{l} s'}$ is not a provable ruloid of $T_0$. Then, as the disjoint extension $T_0 \cup T_1$
does not add labels w.r.t. $T_0$ it has to be the case that a deduction rule from $D_1$ has been used. Since
$s \in T(\Sigma_0)$, it follows from Lemma 17 that in the proof of $\frac{\Gamma}{s \xrightarrow{l} s'}$ only deduction rules from $D_0$ are used.
Hence, this ruloid is provable w.r.t. $T_0$, which contradicts the assumption that it is not. $\Box$

We obtain notions of bisimilarity that are preserved by arbitrary disjoint extensions (i.e., possibly 
introducing new labels) by restricting fh- and hp-bisimilarity to 'proper' pairs of terms, as follows. 

Definition 18 (Proper FH- and HP-bisimilarity) A pair $(s, t)$ of terms is proper if both $s$ and $t$ are not
just variables, or they are the same variable.

An fh-bisimulation $R$ is called proper if all pairs in $R$ are proper. Two terms $s$ and $t$ are proper
fh-bisimilar, notation $s \underline{\leftrightarrow}_{pfh} t$, if there exists a proper fh-bisimulation $R$ that relates these terms.

An hp-bisimulation $(R_\Gamma)_{\Gamma \subseteq \Delta}$ is called proper if all pairs in each $R_\Gamma$ are proper. Two terms $s$ and $t$
are proper hp-bisimilar, notation $s \underline{\leftrightarrow}_{php} t$, if there exists a proper hp-bisimulation $(R_\Gamma)_{\Gamma \subseteq \Delta}$ such that $R_\emptyset$
relates these terms.

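Since a proper (fh- or hp-) bisimulation is also a plain (fh- or hp-) bisimulation, $s \underline{\leftrightarrow}_{pfh} t$ implies
$s \underline{\leftrightarrow}_{fh} t$ and $s \underline{\leftrightarrow}_{php} t$ implies $s \underline{\leftrightarrow}_{hp} t$. Examples 14 and 15 illustrate the difference between proper and
plain bisimilarity: in Example 14 we have $f(x) \underline{\leftrightarrow}_{fh} x$ but not $f(x) \underline{\leftrightarrow}_{pfh} x$ (since no proper bisimulation
can contain the pair $(f(x), x)$); and in Example 15 we have $x + y \underline{\leftrightarrow}_{hp} y + x$ but not $x + y \underline{\leftrightarrow}_{php} y + x$ (since
when $(R_\Gamma)_{\Gamma \subseteq \Delta}$ is an hp-bisimulation in that example, $(x + y, y + x) \in R_\emptyset$ implies $(x' + x', x') \in R_{\{x \xrightarrow{a} x'\}}$).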

Next we show that proper fh-bisimilarity and proper hp-bisimilarity are preserved by any disjoint 
positive GSOS extension. 

Theorem 19 Proper fh-bisimilarity is preserved under any disjoint positive GSOS extension: if
$T_0 \models s \underline{\leftrightarrow}_{pfh} t$ then $T_0 \cup T_1 \models s \underline{\leftrightarrow}_{pfh} t$.

Proof. Consider TSSs $T_0 = (\Sigma_0, L_0, D_0)$ and $T_0 \cup T_1 = (\Sigma_0 \cup \Sigma_1, L_0 \cup L_1, D_0 \cup D_1)$ in the positive GSOS
format, where $T_0 \cup T_1$ is a disjoint extension of $T_0$. Assume that $T_0 \models s \underline{\leftrightarrow}_{pfh} t$; this means that there
exists a proper fh-bisimulation relation $R$ such that $(s, t) \in R$. We show that $R$ is a proper fh-bisimulation
relation w.r.t. $T_0 \cup T_1$ as well.

Consider arbitrary $s, t \in T(\Sigma_0 \cup \Sigma_1)$ such that $(s, t) \in R$. Hence $s, t \in T(\Sigma_0)$. Since $(s, t)$ is proper we
can distinguish two cases. The case that $s$ and $t$ are one and the same variable is trivial. For the other case
assume that $(s, t)$ are both not just a single variable. Assume that $\frac{\Gamma}{s \xrightarrow{l} s'}$ is a provable ruloid w.r.t. $T_0 \cup T_1$.
We aim to show that there exists a provable ruloid of the form $\frac{\Gamma}{t \xrightarrow{l} t'}$ w.r.t. $T_0 \cup T_1$ such that $(s', t') \in R$.

Since $s \in T(\Sigma_0)$, and $s$ cannot be a variable since $R$ is a proper bisimulation, it follows from (the
contraposition of) Lemma 17 that in the proof of $\frac{\Gamma}{s \xrightarrow{l} s'}$ only deduction rules from $D_0$ are used. Hence,
this ruloid is provable w.r.t. $T_0$. It then follows from the fact that $R$ is a proper fh-bisimulation which
proves $T_0 \models s \underline{\leftrightarrow}_{pfh} t$, that there exists a provable ruloid $\frac{\Gamma}{t \xrightarrow{l} t'}$ w.r.t. $T_0$ such that $(s', t') \in R$, hence $\frac{\Gamma}{t \xrightarrow{l} t'}$
is a provable ruloid w.r.t. $T_0 \cup T_1$, and we already have that $(s', t') \in R$. $\Box$

Theorem 20 Proper hp-bisimilarity is preserved under any disjoint positive GSOS extension: if
$T_0 \models s \underline{\leftrightarrow}_{php} t$ then $T_0 \cup T_1 \models s \underline{\leftrightarrow}_{php} t$.

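Proof. Consider TSSs $T_0 = (\Sigma_0, L_0, D_0)$ and $T_0 \cup T_1 = (\Sigma_0 \cup \Sigma_1, L_0 \cup L_1, D_0 \cup D_1)$ in the positive GSOS
format, where $T_0 \cup T_1$ is a disjoint extension of $T_0$. Assume that $T_0 \models s \underline{\leftrightarrow}_{php} t$; this means that there
exists a proper hp-bisimulation $(R_\Gamma)_{\Gamma \subseteq \Delta}$ w.r.t. $T_0$ such that $(s, t) \in R_\emptyset$. We show that $(R_\Gamma)_{\Gamma \subseteq \Delta}$ is a proper
hp-bisimulation w.r.t. $T_0 \cup T_1$.

Consider $s, t \in T(\Sigma_0)$ such that $(s, t) \in R_\Gamma$ for some $\Gamma \subseteq \Delta$. Since $(s, t)$ is proper we can distinguish
two cases. The case that $s$ and $t$ are one and the same variable is trivial. For the other case assume
that $(s, t)$ are both not just a single variable. Assume that $\frac{\Gamma'}{s \xrightarrow{l} s'}$ with $\Gamma \subseteq \Gamma'$ is a provable ruloid w.r.t.
$T_0 \cup T_1$. We aim to show that there exists a term $t'$ such that $\frac{\Gamma'}{t \xrightarrow{l} t'}$ is a provable ruloid w.r.t. $T_0 \cup T_1$ and

Since $s \in T(\Sigma_0)$ and $s$ is not a variable, it follows from Lemma 17 that in the proof of $\frac{\Gamma'}{s \xrightarrow{l} s'}$ only
deduction rules from $D_0$ are used. Hence, this ruloid $\frac{\Gamma'}{s \xrightarrow{l} s'}$ is provable w.r.t. $T_0$. It then follows from
$T_0 \models s \underline{\leftrightarrow}_{php} t$ that there exists a term $t'$ such that $\frac{\Gamma'}{t \xrightarrow{l} t'}$ is a provable ruloid w.r.t. $T_0$ and $(s', t') \in R_{\Gamma'}$.
Hence $\frac{\Gamma'}{t \xrightarrow{l} t'}$ is a provable ruloid w.r.t. $T_0 \cup T_1$, and we already have that $(s', t') \in R_{\Gamma'}$. $\Box$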



4 Preserving CI-Bisimilarity 

4.1 Disjoint extensions do not preserve CI-Bisimilarity 

It is well known that ci-bisimilarity is not preserved even for the disjoint extensions of TSSs. Next, we 
give two abstract examples which illustrate this phenomenon and also hint at its two different causes. 

Example 21 Consider the TSS with the signature containing the constant $0$ and the binary operator $+$,
the set of labels $L = \{a, b, \ldots\}$ and the following set of deduction rules.

$$\frac{x \xrightarrow{l} x'}{x + y \xrightarrow{l} x'}\ (l \in L) \qquad \frac{y \xrightarrow{l} y'}{x + y \xrightarrow{l} y'}\ (l \in L)$$

Since the only present constant is $0$, it does hold that $x + y \underline{\leftrightarrow}_{ci} 0$. Consider a disjoint extension of the
above-given TSS with a constant $a$ which has the following deduction rule.




Then $x + y \underline{\leftrightarrow}_{ci} 0$ does not hold anymore because, for example, $a + 0$ is not bisimilar to $0$.

The equation $x + y = 0$ is not robust w.r.t. ci-bisimilarity because the premises of $+$ are not satisfiable
in the original TSS, but become satisfiable, leading to some "new" behavior, in the extended TSS.

Example 22 Consider the TSS with the signature containing a constant $a^\omega$ and the unary operator $f$,
the set of labels $L = \{a, b, \ldots\}$ and the following set of deduction rules.

$$a^\omega \xrightarrow{a} a^\omega \qquad \frac{x \xrightarrow{l} x'}{f(x) \xrightarrow{l} x'}\ (l \in L)$$

For the above TSS it does hold that $f(x) \underline{\leftrightarrow}_{ci} a^\omega$, but by adding a constant $a$ with the deduction rule given
in Example 21 this bisimilarity ceases to hold.

The reason for this phenomenon is that the original language is not rich enough to generate all
possible behavior; hence although the premise of the deduction rule for $f$ is satisfied, the result of the
transition of $f(x)$ is confined to the behavior allowed by $a^\omega$ and thus, by extending the language $f(x)$
may show some new behavior.

We solve these issues in two ways: first, in Section 4.2 we define some syntactic criteria on equations
(and deduction rules for function symbols appearing in them), which guarantee that the equations remain
sound under any disjoint positive GSOS extension; then, in Section 4.3 we propose syntactic criteria
on the deduction rules appearing in the disjoint extensions, which guarantee that any sound equations
remain sound under such disjoint extensions.

4.2 Robust Equations 

Definition 23 (Non-evolving Indices) For an $f$-defining deduction rule in the positive GSOS format of
the following form,

$$\frac{\{x_i \xrightarrow{l_{ij}} y_{ij} \mid i \in I, j \in J_i\}}{f(x_0, \ldots, x_{n-1}) \xrightarrow{l} t}$$

where $f$ is an $n$-ary function symbol, index $i < n$ is called non-evolving, when $x_i \notin vars(t)$ and for each
$j \in J_i$, $y_{ij} \notin vars(t)$.

Index $i < n$ is non-evolving for function symbol $f$, if it is non-evolving for all $f$-defining deduction
rules.

A term appearing at a non-evolving index may be tested at the current state but will have no
influence in the future behavior of the term, because neither itself nor its derivative (targets of its possible
transitions) can appear in the target of any transition of the current state.

Definition 24 (Initial Action Equivalence and Initial Fertility) Given a TSS $T = (\Sigma, L, D)$, the set of
initial actions of a process $p \in C(\Sigma)$ w.r.t. $T$, denoted by $\mathit{initial}_T(p)$, is defined by
$\{l \mid l \in L \land \exists_{p' \in C(\Sigma)}\ T \models p \xrightarrow{l} p'\}$. Two closed terms $p, q \in C(\Sigma)$ are initial action equivalent w.r.t. $T$ when
$\mathit{initial}_T(p) = \mathit{initial}_T(q)$. TSS $T$ is initially fertile when for each $L' \subseteq L$, there is a process $p \in C(\Sigma)$ such that
$\mathit{initial}_T(p) = L'$.

Now we have all the necessary ingredients to establish when a ci-bisimulation is robust under
arbitrary disjoint extensions.

Theorem 25 Assume that an equation $t = t'$, where $t, t' \in T(\Sigma)$, is sound with respect to ci-bisimilarity
for an initially fertile TSS $T = (\Sigma, D, R)$. If $t$ and $t'$ (individually) do not have repeated occurrences of
any variable and each open term in $t$ and $t'$ is the argument in a non-evolving index position of a function
symbol $f$ from $\Sigma$, then $t = t'$ remains sound with respect to ci-bisimilarity for any disjoint extension of $T$.
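
Definition 23 and the syntactic side conditions of Theorem 25 are mechanical checks on rules and terms; the following is an added example, not code from the paper. The rule encoding, the operator `g` with its rule, and the reading of the theorem's condition (each side is not a bare variable, has no repeated variable, and every open argument sits at a non-evolving index) are assumptions; initial fertility is not checked.

```python
# Terms: a variable is a string, an application is a tuple (operator, arg, ...).
# Rule: (operator, source variables x_0..x_{n-1}, premises [(i, y_ij)], target).
# Labels are left out because Definition 23 does not inspect them.
RULES = [
    ("+", ["x", "y"], [(0, "x'")], "x'"),   # Example 21, first rule for +
    ("+", ["x", "y"], [(1, "y'")], "y'"),   # Example 21, second rule for +
    ("f", ["x"], [(0, "x'")], "x'"),        # Example 22, rule for f
    ("g", ["x", "z"], [(0, "y")], "z"),     # constructed: g tests x, continues as z
]
SIGNATURE = {"0": 0, "+": 2, "f": 1, "g": 2}  # operator -> arity

def variables(term):
    """Variable occurrences of a term, with repetitions."""
    if isinstance(term, str):
        return [term]
    return [v for arg in term[1:] for v in variables(arg)]

def non_evolving(rules, op, arity):
    """Indices of op that are non-evolving for all op-defining rules."""
    result = set(range(arity))
    for rule_op, sources, premises, target in rules:
        if rule_op != op:
            continue
        used = set(variables(target))
        for i in range(arity):
            # x_i itself and every target y_ij of a premise on x_i
            tied = {sources[i]} | {y for (k, y) in premises if k == i}
            if tied & used:
                result.discard(i)
    return result

def robust_shape(term, rules, signature):
    """Syntactic conditions on one side of an equation, as read in the lead-in."""
    if isinstance(term, str):
        return False                      # a bare variable is not an argument
    occurrences = variables(term)
    if len(occurrences) != len(set(occurrences)):
        return False                      # repeated variable
    def ok(t):
        if isinstance(t, str):
            return True
        safe = non_evolving(rules, t[0], signature[t[0]])
        return all(ok(arg) and (not variables(arg) or i in safe)
                   for i, arg in enumerate(t[1:]))
    return ok(term)

if __name__ == "__main__":
    for op, arity in SIGNATURE.items():
        print(op, "non-evolving indices:", sorted(non_evolving(RULES, op, arity)))
    for side in [("+", "x", "y"), ("f", "x"), ("g", "x", ("0",)), ("g", ("0",), "z")]:
        print(side, "meets the syntactic conditions:", robust_shape(side, RULES, SIGNATURE))
```

Both `+` and `f` have only evolving indices under the rules of Examples 21 and 22, so the left-hand sides `x + y` and `f(x)` of those examples fall outside the syntactic conditions.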

Proof. We start with the following lemmata, which show the role of non-evolving indices in our context. 

Lemma 26 Consider a TSS $T = (\Sigma, L, D)$, two closing substitutions $\sigma, \sigma' : X \to C(\Sigma)$ and a set of terms
$t_k \in C(\Sigma)$, for $k \in K$, such that, for each $k \in K$, $t_k$ does not contain repetition of variables, each open
term in $t_k$ is the argument of a non-evolving index of a function symbol (w.r.t. $T$) and for each
$x \in \bigcup_{k \in K} vars(t_k)$, $\mathit{initial}_T(\sigma'(x)) = \mathit{initial}_T(\sigma(x))$. It holds that for each $t_k$,
$T \models \sigma(t_k) \xrightarrow{l_k} p_k$ if and only if $T \models \sigma'(t_k) \xrightarrow{l_k} p_k$.

Proof. The lemma is symmetric in $\sigma$ and $\sigma'$ and hence, proving the implication from left to right suffices.

We do this by an induction on the maximum depth of the proofs for $T \models \sigma(t_k) \xrightarrow{l_k} p_k$, for all $k \in K$.
Each $t_k$ is of the form $f_k(s_{k0}, \ldots, s_{k n_k - 1})$ ($t_k$ cannot be a variable because open terms, and hence variables,
are only allowed to appear in the non-evolving indices of a function symbol). The last deduction rule
applied to derive each transition $T \models \sigma(t_k) \xrightarrow{l_k} p_k$ is of the following form:

$$\frac{\{x_{ki} \xrightarrow{l_{kij}} y_{kij} \mid i \in I_k, j \in J_i\}}{f_k(x_{k0}, \ldots, x_{k n_k - 1}) \xrightarrow{l_k} t'_k}$$

for a substitution $\sigma_k$ such that for each $j < n_k$, $\sigma_k(x_{kj}) = \sigma(s_{kj})$, $\sigma_k(t'_k) = p_k$, and
$T \models \sigma_k(x_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$ with a smaller proof. Our goal is to define a set of substitutions $\sigma'_k$ such that
$\sigma'_k(x_{kj}) = \sigma'(s_{kj})$, $\sigma'_k(t'_k) = p_k$, and $T \models \sigma'_k(x_{ki}) \xrightarrow{l_{kij}} \sigma'_k(y_{kij})$.

Take the set of proofs of all premises of such rules, i.e., $T \models \sigma(s_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$. Either $s_{ki}$ is a
variable, then we have that $\mathit{initial}_T(\sigma'(s_{ki})) = \mathit{initial}_T(\sigma(s_{ki}))$ and hence $T \models \sigma'(s_{ki}) \xrightarrow{l_{kij}} p_{kij}$, for some
$p_{kij}$. Define $\sigma'_k(x_{ki}) = \sigma'(s_{ki})$ and $\sigma'_k(y_{kij}) = p_{kij}$. Note that $s_{ki}$ appears in a non-evolving index of $f_k$
and hence $y_{kij}$ cannot appear in $t'_k$. Otherwise, for the set of proofs $T \models \sigma(s_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$ such that
$s_{ki}$ is not a variable, the induction hypothesis applies and hence, we have that $T \models \sigma'(s_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$.
Define $\sigma'_k(x_{ki}) = \sigma'(s_{ki})$ and $\sigma'_k(y_{kij}) = \sigma_k(y_{kij})$. This way, we have completed the definition of $\sigma'_k$
substitutions satisfying the requirements set before. By applying $\sigma'_k$ to the last deduction rule of the
proof for $T \models \sigma(t_k) \xrightarrow{l_k} p_k$, we obtain $T \models \sigma'_k(f_k(x_{k0}, \ldots, x_{k n_k - 1})) \xrightarrow{l_k} \sigma'_k(t'_k)$, or by the definition of $\sigma'_k$,
$T \models \sigma'(f_k(s_{k0}, \ldots, s_{k n_k - 1})) \xrightarrow{l_k} \sigma'_k(t'_k)$, and by the property of $\sigma'_k$ and the structure of $t_k$,
$T \models \sigma'(t_k) = \sigma'(f_k(s_{k0}, \ldots, s_{k n_k - 1})) \xrightarrow{l_k} \sigma_k(t'_k) = p_k$, which was to be shown. $\Box$

Lemma 27 Consider an initially fertile TSS $T = (\Sigma, L, D)$ and a disjoint extension $T' = (\Sigma', L', D')$ of $T$. Consider a closing substitution $\sigma' : X \to C(\Sigma')$ and a set of terms $t_k \in C(\Sigma)$, for $k \in K$ such that, for each $k \in K$, $t_k$ does not contain repetition of variables and each open term in $t_k$ is the argument of a non-evolving index of a function symbol (w.r.t. $T$). If there exists terms $p'_k \in C(\Sigma)$ and labels $l_k \in L$ such that $T' \models \sigma'(t_k) \xrightarrow{l_k} p'_k$ for each $k \in K$, then $T \models \sigma(t_k) \xrightarrow{l_k} p'_k$ for some $\sigma : X \to C(\Sigma)$ such that $\mathit{initial}_{T'}(\sigma'(x)) \cap L = \mathit{initial}_T(\sigma(x))$, for each $x \in \bigcup_{k \in K} \mathit{vars}(t_k)$.
Proof. We do this by an induction on the maximum depth of the proofs for $T' \models \sigma'(t_k) \xrightarrow{l_k} p'_k$, for all $k \in K$. Each $t_k$ is of the form $f_k(s_{k0}, \ldots, s_{k n_k-1})$ ($t_k$ cannot be a variable because open terms, and hence variables, are only allowed to appear in the non-evolving indices of a function symbol). The last deduction rule applied to derive each transition $T' \models \sigma'(t_k) \xrightarrow{l_k} p'_k$ is of the following form:

$$\frac{\{x_{ki} \xrightarrow{l_{kij}} y_{kij} \mid i \in I_k, j \in J_i\}}{f_k(x_{k0}, \ldots, x_{k n_k-1}) \xrightarrow{l_k} t'_k}$$

and a substitution $\sigma'_k$ such that for each $j < n_k$, $\sigma'_k(x_{kj}) = \sigma'(s_{kj})$, $\sigma'_k(t'_k) = p'_k$, and $T' \models \sigma'_k(x_{ki}) \xrightarrow{l_{kij}} \sigma'_k(y_{kij})$ with a smaller proof. Our goal is to define a collection of substitutions $\sigma_k : X \to C(\Sigma)$ such that

for each k € K, T \= Ok{t k ) — and a substitution a : X — > C(E) such that o k { x kj) = &(skj), = K' 
and for each $x \in \bigcup_{k \in K} \mathit{vars}(t_k)$, $\mathit{initial}_{T'}(\sigma'(x)) \cap L = \mathit{initial}_T(\sigma(x))$. We make a case distinction based on the structure of each $s_{ki}$:

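1. Either $s_{ki}$ is a closed term, then define $\sigma_k(x_{ki}) = \sigma'_k(x_{ki}) = \sigma'(s_{ki}) \in C(\Sigma)$ (because we have that $s_{ki} \in T(\Sigma)$) and define $\sigma_k(y_{kij}) = \sigma'_k(y_{kij})$, for each $j \in J_i$. Then we have that $T \models \sigma_k(x_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$. Moreover, we have that $\sigma_k(y_{kij}) = \sigma'_k(y_{kij}) \in C(\Sigma)$, because the extension $T'$ is disjoint, hence conservative, and $\sigma_k(x_{ki})$, i.e., the source of the transition $\sigma_k(x_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$, is a closed term in $C(\Sigma)$.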

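2. or $s_{ki}$ is a variable, then $i$ is a non-evolving index of $f_k$ and $s_{ki}$ does not appear anywhere else in $t_k$. Since $T$ is initially fertile, there exist $p_{ki}, p'_{kij} \in C(\Sigma)$, for each $j \in J_i$, such that $\mathit{initial}_T(p_{ki}) = \mathit{initial}_{T'}(\sigma'_k(x_{ki})) \cap L$ (following Definition 24 and the fact $\mathit{initial}_{T'}(\sigma'_k(x_{ki})) \cap L \subseteq L$) and hence $T \models p_{ki} \xrightarrow{l_{kij}} p'_{kij}$. Define $\sigma_k(x_{ki}) = p_{ki}$ and $\sigma_k(y_{kij}) = p'_{kij}$ and we have that $T \models \sigma_k(x_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$. Since $s_{ki}$ is a variable, it is justified to define $\sigma$ on $s_{ki}$; define $\sigma(s_{ki}) = p_{ki}$ and it follows that $\mathit{initial}_T(\sigma(s_{ki})) = \mathit{initial}_{T'}(\sigma'(s_{ki})) \cap L$.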

3. or $s_{ki}$ is an open term but not a variable, then we have that $T' \models \sigma'(s_{ki}) = \sigma'_k(x_{ki}) \xrightarrow{l_{kij}} \sigma'_k(y_{kij})$ for each $j \in J_i$, with a smaller proof tree than that of $\sigma(t)$. Hence, for the set of all such $s_{ki}$ transitions, the induction hypothesis applies and we know that there exists $\sigma''$ such that $T \models \sigma''(s_{ki}) \xrightarrow{l_{kij}} \sigma'_k(y_{kij})$ and for each $x \in \mathit{vars}(s_{ki})$, $\mathit{initial}_{T'}(\sigma''(x)) \cap L = \mathit{initial}_T(\sigma'(x))$. For each variable $x$ in the domain of $\sigma''$, not defined by the previous item, define $\sigma(x) = \sigma''(x)$. Note that if $\sigma$ has been defined by the previous item it holds that $\mathit{initial}_{T'}(\sigma''(x)) \cap L = \mathit{initial}_T(\sigma'(x)) = \mathit{initial}_{T'}(\sigma(x)) \cap L$ and by Lemma 26 we have that $T \models \sigma(s_{ki}) \xrightarrow{l_{kij}} \sigma'_k(y_{kij})$. Define $\sigma_k(x_{ki}) = \sigma(s_{ki})$ and $\sigma_k(y_{kij}) = \sigma'_k(y_{kij})$ and we obtain a proof for $T \models \sigma_k(x_{ki}) \xrightarrow{l_{kij}} \sigma_k(y_{kij})$.

Note that, firstly, the last two items define $\sigma$ on all variables in $\bigcup_{k \in K} \mathit{vars}(t_k)$. Secondly, it holds that $\sigma'(t'_k) = p_k = \sigma(t'_k)$ because in the second and third cases where the definition of $\sigma(z)$ differs from $\sigma'(z)$, $z$ cannot appear in $t'_k$ (because $i$ is a non-evolving index of $f_k$ and hence $x_{ki}$ cannot appear in $t'_k$). Thirdly, all premises of the deduction rule with $\sigma_k$ applied to them have proof: those of which the source, i.e., $\sigma'_k(x_{ki})$, was a closed term remain intact under $\sigma_k$, and those with an open term as source appear at non-evolving indices and have a proof due to the induction hypothesis and satisfiability, as shown above, respectively. Finally, $\sigma''(x)$ is a term in $C(\Sigma)$: if $t_i$ is a closed term, then $\sigma''(x_i)$ is a closed term in $C(\Sigma)$, because $t_i \in T(\Sigma)$, for all such $i$, and each $j \in J_i$, $\sigma''(y_{ij})$ is a closed term in $C(\Sigma)$ because the extension of the TSS is disjoint and thus conservative, if $t_i$ is an open term, then $\sigma''(x_i)$ is in $C(\Sigma)$ because it is so defined either by using the induction hypothesis or by using the fact that the premise is satisfiable, and finally for all such $i$ and each $j \in J_i$, $\sigma''(y_{ij})$ is also in $C(\Sigma)$ because its source is in $C(\Sigma)$ and the extension is disjoint and hence conservative. This completes the proof of $T \models \sigma''(t) \xrightarrow{l} \sigma''(s) = \sigma''(t) \xrightarrow{l} p'$ for a $\sigma'' : X \to C(\Sigma)$ such that for each $x \in X$, $\mathit{initial}_{T'}(\sigma''(x)) \cap L = \mathit{initial}_T(\sigma(x))$. □

Lemma 28 Consider $t \in T(\Sigma)$; assume that $t$ contains no repetition of variables and each open term in $t$ appears in a non-evolving index with respect to an initially fertile TSS $T = (\Sigma, L, D)$. Consider a disjoint extension $T' = (\Sigma', L', D')$ of $T$. If $T \models \sigma'(t) \xrightarrow{l} p'$ for some $\sigma' : X \to C(\Sigma)$ and $l \in L$, then $T' \models \sigma(t) \xrightarrow{l} p'$ for any $\sigma : X \to C(\Sigma')$ such that $\mathit{initial}_{T'}(\sigma(x)) \cap L = \mathit{initial}_T(\sigma'(x))$, for each

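Proof. We have to prove that for each $\sigma' : X \to C(\Sigma)$, if $T \models \sigma'(t) \xrightarrow{l} p'$ and there exists a $\sigma : X \to C(\Sigma')$ such that $\mathit{initial}_{T'}(\sigma(x)) \cap L = \mathit{initial}_T(\sigma'(x))$, then $T' \models \sigma(t) \xrightarrow{l} p'$. We do this by an induction on the depth of the proof for $T \models \sigma'(t) \xrightarrow{l} p'$. The last deduction rule applied to derive this transition is of the following form:

$$\frac{\{x_i \xrightarrow{l_{ij}} y_{ij} \mid i \in I, j \in J_i\}}{f(x_0, \ldots, x_{n-1}) \xrightarrow{l} s}$$

and $t = f(t_0, \ldots, t_{n-1})$, where $f$ is an $n$-ary function symbol and $t_i \in T(\Sigma)$, for $i < n$, and there exists a substitution $\sigma_0$ such that $\sigma_0(x_i) = \sigma'(t_i)$ for $i < n$, and $\sigma_0(s) = p'$. For each $i < n$, either $t_i$ is a closed term, then $\sigma'(x_i) = \sigma'(t_i) = \sigma(t_i) \in C(\Sigma)$, or it is an open term. If $t_i$ is a variable, then $i$ is a non-evolving index of $f$. Since $T \models \sigma_0(x_i) = \sigma'(t_i) \xrightarrow{l_{ij}} \sigma_0(y_{ij})$ for each $j \in J_i$, it holds that $l_{ij} \in \mathit{initial}_T(\sigma_0(x_i))$ and because $\mathit{initial}_T(\sigma'(t_i)) = \mathit{initial}_{T'}(\sigma(t_i)) \cap L$, it holds that $T' \models \sigma(t_i) \xrightarrow{l_{ij}} p'_{ij}$ for some $p'_{ij} \in C(\Sigma')$ (note that $l_{ij} \in \mathit{initial}_{T'}(\sigma(t_i))$ and hence $\sigma(t_i)$ has a provable transition in $T'$ labelled $l_{ij}$). If $t_i$ is not a variable, we have that $T \models \sigma_0(x_i) = \sigma'(t_i) \xrightarrow{l_{ij}} \sigma_0(y_{ij})$ for each $j \in J_i$, with a smaller proof tree than that of $\sigma_0(t)$. Hence, the induction hypothesis applies and we know that $T' \models \sigma(t_i) \xrightarrow{l_{ij}} \sigma_0(y_{ij})$.

Next we define a new substitution $\sigma_1$ as given below.

$$\sigma_1(x) = \begin{cases} \sigma(t_i) & \text{if } x = x_i \text{ for some } i \in I, \\ p'_{ij} & \text{if } x = y_{ij} \text{ for some } i \in I \text{ and } j \in J_i \text{ s.t. } t_j = x_j, \\ \sigma'(x) & \text{otherwise.} \end{cases}$$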

Note that, firstly, the above substitution is well-defined: the cases are pairwise disjoint and for each case the mapped term is defined before. Secondly, it holds that $\sigma_0(s) = p' = \sigma_1(s)$ because in the first two cases where the definition of $\sigma_1(x)$ differs from $\sigma_0(x)$, $x$ cannot appear in $s$: because $i$ is a non-evolving index in both cases, neither the sources of the transition, i.e., $x_i$ in case 1, nor the target of the transition, i.e., $y_{ij}$ in case 2, can appear in $s$. Thirdly, all premises of the deduction rule with $\sigma_1$ applied to them have proof: those of which the source, i.e., $\sigma_0(x_i)$, was a closed term remain intact under $\sigma_1$, and those with an open term as source appear at non-evolving indices and have a proof due to the induction hypothesis and satisfiability, as shown above, respectively. Finally, note that $\sigma_1(x_i) = \sigma'(t_i)$, for $i < n$, and hence, $\sigma_1(f(x_0, \ldots, x_{n-1})) = \sigma'(t)$. This completes the proof of $T \models \sigma'(t) \xrightarrow{l} \sigma_1(s) = \sigma'(t) \xrightarrow{l} p'$.

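We now aim to show that if $t = t'$ is sound for ci-bisimilarity w.r.t. $T = (\Sigma, L, D)$, it is also sound for ci-bisimilarity w.r.t. any arbitrary disjoint extension $T' = (\Sigma', L', D')$. Assume that $T \models t \mathrel{\underline{\leftrightarrow}_{ci}} t'$. Let $\sigma : X \to C(\Sigma')$ be an arbitrary closing substitution. We must show that $T' \models \sigma(t) \mathrel{\underline{\leftrightarrow}} \sigma(t')$.

To show this, assume that $T' \models \sigma(t) \xrightarrow{l} p$ for some $\sigma : X \to C(\Sigma')$, $l \in L'$ and $p \in C(\Sigma')$. We show that $T' \models \sigma(t') \xrightarrow{l} p'$ for some $p'$ such that $T' \models p \mathrel{\underline{\leftrightarrow}} p'$. It follows from Lemma 27 that $T \models \sigma'(t) \xrightarrow{l} p$, for some $\sigma' : X \to C(\Sigma)$ such that $\mathit{initial}_{T'}(\sigma(x)) \cap L = \mathit{initial}_T(\sigma'(x))$ for all $x \in X$. Since $T \models t \mathrel{\underline{\leftrightarrow}_{ci}} t'$, it follows that $T \models \sigma'(t') \xrightarrow{l} p'$, for some $p'$ such that $T \models p \mathrel{\underline{\leftrightarrow}} p'$. Using Lemma 28, we have that $T' \models \sigma(t') \xrightarrow{l} p'$. Moreover since bisimilarity on closed terms is preserved under disjoint extensions, we have that $T' \models p \mathrel{\underline{\leftrightarrow}} p'$. This completes the proof of the theorem since we have that $T' \models \sigma(t') \xrightarrow{l} p'$ and $T' \models p \mathrel{\underline{\leftrightarrow}} p'$. □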



4.3 Robust Extensions 

Theorem 29 Let $\sim$ be an arbitrary equivalence that is defined in terms of transitions. Consider a positive TSS $T_0$ and its disjoint extension $T_0 \cup T_1$. A set of proper equations $E \subseteq \$(T_0)$ is sound w.r.t. $T_0 \cup T_1$ and $\sim$, i.e., is robust under extension, if the set of labels appearing in the conclusions of the deduction rules in $T_1$ is disjoint from the set of labels appearing in the premises of the deduction rules in $T_0$.

Proof. Take an arbitrary $t = t' \in E$; it suffices to show that for each $l \in L_0 \cup L_1$ and $t_0 \in T(\Sigma_0 \cup \Sigma_1)$, a ruloid with conclusion $t \xrightarrow{l} t_0$ is provable from $T_0$ if and only if the same ruloid is provable from $T_0 \cup T_1$. (A similar statement should hold for $t'$, the proof of which is identical to the one given above.) We argue that no deduction rule in $T_1$ can contribute to the proof structure for such a ruloid. First of all, the last deduction rule used in the proof can only be due to $T_0$ since the source of the conclusion of the ruloid is $t \in T(\Sigma_0) \setminus X$. It also follows from the hypothesis of the theorem that if a deduction rule in the proof structure is in $T_0$, the proofs for its premises can only be due to deduction rules in $T_0$ since the labels of conclusions of the deduction rules in $T_1$ do not match the labels of premises of the deduction rules in $T_0$. □

As a corollary of Theorem 29, we have that if an extension satisfies the hypothesis of Theorem 29, then it preserves ci-bisimilarity.

The following examples illustrate the application of Theorem 29.

Example 30 Consider the TSS $T_0$ with signature comprising a unary function symbol $a.\_$ for each $a \in A_\tau$ (the set of all actions, co-actions and the invisible action $\tau$) and only the left-most deduction rule given below, for each $a \in A_\tau$. Assume that we extend $T_0$ with $T_1$ given by the other two deduction rules below, for each $a \in A_\tau$, and a binary function symbol $\_ + \_$.




a a , a , 

a.x — >x x + y — >x x + y — >y 

Given any notion of behavioral congruence $\sim$ it follows from Theorem 29 that all sound equations w.r.t. $T_0$ are also sound w.r.t. $T_0 \cup T_1$. If $\sim$ is taken to be strong bisimilarity, this is trivial to check manually since there is no sound equation w.r.t. $T_0$ apart from the trivial identities. For weak (branching, $\eta$ and delay) bisimilarity, a sound set of equations in the original TSS is the following:

$a.\tau.x = a.x$ for each $a \in A_\tau$,

which remains sound in the extended setting.
Example 31 Consider the TSS $T_0$ defined by the following deduction rules and the signature comprising unary function symbols $a.\_$ for each $a \in A_\tau$ and $\_ \backslash H$ for each $H \subseteq A$.



-a £ H 



a 



.x—tx x\H — >x'\H 



Assume that we extend $T_0$ with $T_1$, which comprises the following deduction rule for each $a \in A$, and the signature comprising a binary function symbol $\_ \parallel \_$.

x — >x y — >y 

II T v / II / 

x\\y — >x \\y 

Fixing a notion of behavioral congruence $\sim$ it follows again from Theorem 29 that all sound equations w.r.t. $T_0$ are also sound w.r.t. $T_0 \cup T_1$. If $\sim$ is taken to be strong bisimilarity, in the original systems a number of equations do hold, namely:

$(a.x) \backslash H = \tau.(x \backslash H)$ for each $H \subseteq A$, $a \in H$
$x \backslash H \backslash H' = x \backslash (H \cup H')$

But it is easy to check that all these equations are sound w.r.t. $T_0 \cup T_1$.
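As an added illustration that is not part of the original paper, the Python code below checks the hypothesis of Theorem 29 on the rule labels of Example 30 and on constructed rule sets. The `Rule` encoding, the action names, the premises given to the choice rules, the constructed `_\H` and `_||_` rules, and the reading of "disjoint" as "the extension adds no rule for a symbol of the original signature" are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    op: str          # function symbol heading the source of the conclusion
    premises: tuple  # labels of the premises (positive premises only)
    label: str       # label of the conclusion

ACTS = ("a", "b")        # constructed visible actions
A_TAU = ACTS + ("tau",)  # constructed stand-in for the label set A_tau

def theorem29_check(sig0, t0, t1):
    """Return (disjoint, clash) for the extension of T0 by T1.

    disjoint: no rule of T1 has a source headed by a symbol of sig0
              (assumed reading of "disjoint extension").
    clash:    labels concluded by T1 that also label a premise of T0;
              the hypothesis of Theorem 29 holds when this set is empty.
    """
    disjoint = all(r.op not in sig0 for r in t1)
    concluded = {r.label for r in t1}
    tested = {lab for r in t0 for lab in r.premises}
    return disjoint, concluded & tested

# Example 30: T0 has only the prefix axioms, T1 adds choice.
prefix = [Rule(f"{a}._", (), a) for a in A_TAU]
choice = [Rule("_+_", (a,), a) for a in A_TAU]  # premises are assumed

# Constructed T0 rule that tests its argument on visible actions only.
restrict = [Rule("_\\H", (a,), a) for a in ACTS]
# Constructed T1: a synchronisation operator that concludes tau only.
sync = [Rule("_||_", (a, "co-" + a), "tau") for a in ACTS]

def run_examples():
    sig_prefix = {r.op for r in prefix}
    sig_both = sig_prefix | {"_\\H"}
    base = prefix + restrict
    return {
        "ex30": theorem29_check(sig_prefix, prefix, choice),
        "sync": theorem29_check(sig_both, base, sync),
        "choice": theorem29_check(sig_both, base, choice),
        "redefine": theorem29_check(sig_both, base, restrict),
    }

if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, result)
```

A non-empty clash set only means that Theorem 29 does not apply to that extension; it does not by itself show that an equation becomes unsound.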



5 Conclusions 

In this paper, we have defined several criteria under which different notions of strong bisimilarity on 
open terms are preserved by operationally conservative extensions. For the finer notions of bisimilarity 
on open terms, namely fh- and hp-bisimilarity, the criteria are quite mild and are applicable to most 
practical examples. However, the preservation of the coarser notion of ci-bisimilarity calls for very strict 
criteria on either the equations or the extensions. 

In [14], it is conjectured that $\underline{\leftrightarrow}_{ci}$ and $\underline{\leftrightarrow}_{hp}$ coincide on open terms for "most, if not all, of the
standard process algebras". This conjecture is somewhat ambiguous, but we believe that the concept of 
non-evolving indices paves the way to formalizing and proving it. If such a conjecture is formulated and 
solved, it allows one to use the admissive criteria defined for hp-bisimilarity to show that for "most, if 
not all standard process algebras" ci-bisimilarity is robust. 

Also in [14], a notion of substitutive bisimilarity (acronym: sb-bisimilarity) is presented. This notion
is a combination of ci- and fh-bisimilarity (taking the derivable transitions of open terms from the empty 
set of premises into account) with an additional requirement of preservation of the bisimulation relation 
under instantiation (of variables with open terms). It is worth noting that sb-bisimilarity is not preserved 
under operational extensions, as witnessed by our Examples 4, 14 and 15. However, in [14] it is proven
that under some condition corresponding to our notion of initial fertility hp- and sb-bisimilarity coincide.
Hence, all our preservation results (Theorems 19 and 16) for hp-bisimilarity carry over to sb-bisimilarity
if both the original and the extended TSSs are initially fertile. It remains to be further investigated 
whether sharper results for the preservation of sb-bisimilarity can be obtained. 

Extending the definitions of fh- and hp-bisimilarity to other rule formats (e.g., full GSOS, tyft and 
ntyft) is non-trivial and it remains to be studied whether the robustness results carry over to the extended 
settings. 